diff --git a/app/models/devise_token_auth/concerns/user.rb b/app/models/devise_token_auth/concerns/user.rb
index 7d9d49f53..baa336f99 100644
--- a/app/models/devise_token_auth/concerns/user.rb
+++ b/app/models/devise_token_auth/concerns/user.rb
@@ -251,10 +251,12 @@ def sync_uid
   end
 
   def destroy_expired_tokens
-    self.tokens.delete_if{|cid,v|
-      expiry = v[:expiry] || v["expiry"]
-      DateTime.strptime(expiry.to_s, '%s') < Time.now
-    }
+    if self.tokens
+      self.tokens.delete_if do |cid, v|
+        expiry = v[:expiry] || v["expiry"]
+        DateTime.strptime(expiry.to_s, '%s') < Time.now
+      end
+    end
   end
 
 end
diff --git a/test/models/user_test.rb b/test/models/user_test.rb
index 5b27db289..93a127c9e 100644
--- a/test/models/user_test.rb
+++ b/test/models/user_test.rb
@@ -87,6 +87,19 @@ class UserTest < ActiveSupport::TestCase
       end
     end
 
+    describe 'nil tokens are handled properly' do
+      before do
+        @resource = users(:confirmed_email_user)
+        @resource.skip_confirmation!
+        @resource.save!
+      end
+
+      test 'tokens can be set to nil' do
+        @resource.tokens = nil
+        assert @resource.save
+      end
+    end
+
     describe "#generate_url" do
       test 'URI fragment should appear at the end of URL' do
         params = {client_id: 123}